imports:
    - { resource: ./../config/default.yml }

parameters:
    env(APP_IP): '127.0.0.1'
    env(APP_IPS): '127.0.0.1, ::1'

security:
    password_hashers:
        Symfony\Component\Security\Core\User\InMemoryUser: plaintext

    providers:
        in_memory:
            memory:
                users:
                    johannes: { password: test, roles: [ROLE_USER] }

    firewalls:
        # This firewall doesn't make sense in combination with the rest of the
        # configuration file, but it's here for testing purposes (do not use
        # this file in a real world scenario though)
        login_form:
            pattern: ^/login$
            security: false

        default:
            form_login:
                check_path: /login_check
                default_target_path: /profile
            logout: ~
            lazy: true

        # This firewall is here just to check its the logout functionality
        second_area:
            http_basic: ~
            logout:
                target: /second/target
                path: /second/logout

    access_control:
        - { path: ^/en/$, roles: PUBLIC_ACCESS }
        - { path: ^/unprotected_resource$, roles: PUBLIC_ACCESS }
        - { path: ^/secure-but-not-covered-by-access-control$, roles: PUBLIC_ACCESS }
        - { path: ^/secured-by-one-ip$, ip: 10.10.10.10, roles: PUBLIC_ACCESS }
        - { path: ^/secured-by-two-ips$, ips: [1.1.1.1, 2.2.2.2], roles: PUBLIC_ACCESS }
        # these real IP addresses are reserved for docs/examples (https://tools.ietf.org/search/rfc5737)
        - { path: ^/secured-by-one-real-ip$, ips: 198.51.100.0, roles: PUBLIC_ACCESS }
        - { path: ^/secured-by-one-real-ip-with-mask$, ips: '203.0.113.0/24', roles: PUBLIC_ACCESS }
        - { path: ^/secured-by-one-real-ipv6$, ips: 0:0:0:0:0:ffff:c633:6400, roles: PUBLIC_ACCESS }
        - { path: ^/secured-by-one-env-placeholder$, ips: '%env(APP_IP)%', roles: PUBLIC_ACCESS }
        - { path: ^/secured-by-one-env-placeholder-multiple-ips$, ips: '%env(APP_IPS)%', roles: PUBLIC_ACCESS }
        - { path: ^/secured-by-one-env-placeholder-and-one-real-ip$, ips: ['%env(APP_IP)%', 198.51.100.0], roles: PUBLIC_ACCESS }
        - { path: ^/secured-by-one-env-placeholder-multiple-ips-and-one-real-ip$, ips: ['%env(APP_IPS)%', 198.51.100.0], roles: PUBLIC_ACCESS }
        - { path: ^/highly_protected_resource$, roles: IS_ADMIN }
        - { path: ^/protected-via-expression$, allow_if: "(!is_authenticated() and request.headers.get('user-agent') matches '/Firefox/i') or is_granted('ROLE_USER')" }
        - { path: .*, roles: IS_AUTHENTICATED_FULLY }
